Fixes#9509
Change the documentation to make it more clear that a cookie must be set server side to take advantage of the AngularJS convention to address CSRF. This change adds code showing how to set the cookie via `IAntiforgery`.
Review and update code samples for setting up social providers on asp.net core 2.
* Turns out they already had notes about default service settings being overridden when setting up social providers, so no change necessary - please sanity check. I ended up just updating the sample code to match the latest result from WebApp generator.
Remove bad repo link in social index.
<!--
# Instructions
When creating a new PR, please reference the issue number if there is one:
Fixes #Issue_Number
The "Fixes #nnn" syntax in the PR description allows GitHub to automatically close the issue when this PR is merged.
NOTE: This is a comment; please type your descriptions above or below it.
-->
* Whoops - didn't mean to merge that to this branch!
* minor updates
* minor updates
* Fixed issue #8552
* added a note on URL
* made Auth URL consistent with the portal (rather than Visual Studio)
* added a cool dagger for Luke
* phrasing
* formatting
* formatting - re-adding code fenced URLs
* Update azure-ad-b2c-webapi.md
* SEO 2018 for /core/azure and /core/security directories
* SEO 2018 for /core/razor-pages directory
* added custom tag
Demo\IdentityDemo.csproj : error NU1605: Detected package downgrade: Microsoft.EntityFrameworkCore.Tools from 2.0.3 to 2.0.0. Reference the package directly from the project to select a different version.
Demo\IdentityDemo.csproj : error NU1605: IdentityDemo -> Microsoft.AspNetCore.All 2.0.9 -> Microsoft.EntityFrameworkCore.Tools (>= 2.0.3)
Demo\IdentityDemo.csproj : error NU1605: IdentityDemo -> Microsoft.EntityFrameworkCore.Tools (>= 2.0.0)
The build failed. Please fix the build errors and run again.
<!--
When creating a new PR, please do the following:
* Reference the issue number if there is one, e.g.:
Fixes #Issue_Number
The "Fixes #nnn" syntax in the PR description allows GitHub to automatically close the issue when this PR is merged.
NOTE: This is a comment; please type your descriptions above or below it.
-->
Fixes#9549
* Not a full UE pass on the group of external provider topics ... don't quite have time for that right now. However, I do hit a number of small UE-type updates.
* Engineering: You only need to look at one thing here: See the *forwarded-headers-middleware.md* file. The content of the file is below. The INCLUDE is linked into the external auth provider topics to surface Forwarded Headers Middleware (proxy/LB topic).
> \#\# Forward request information with a proxy or load balancer
>
> If the app is deployed behind a proxy server or load balancer, some of the original request information might be forwarded to the app in request headers. This information usually includes the secure request scheme (\`https\`), host, and client IP address. Apps don't automatically read these request headers to discover and use the original request information.
>
> The scheme is used in link generation that affects the authentication flow with external providers. Losing the secure scheme (\`https\`) results in the app generating incorrect insecure redirect URLs.
>
> Use Forwarded Headers Middleware to make the original request information available to the app for request processing.
>
> For more information, see \<xref:host-and-deploy/proxy-load-balancer>.
If it's easier to provide feedback in a comment here over hunting down the file on the diff, that works for me.
Luke Latham
Nick George
Rick Anderson
Andrew Steele
Scott Addie
Pavel Krymets
l0bd0n
Dave
Jon Stelly
Kirk Larkin
Valeriy Novytskyy
Dave Brock
Tom Dykstra
Cam Soper
lovelangy
Scott Addie
Vincent Pestana